The Project Zero Prize contest encourages people to find vulnerabilities in the Nexus 6P and 5X handsets.
Google is giving away upwards of $200,000 to find exploits in its Nexus 6P and Nexus 5X handsets.
The Project Zero Prize contest encourages hackers to find a vulnerability or bug chain knowing only the device’s phone number and email address.
“Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests,” Natalie Silvanovich, exploit enthusiast, wrote on the Google Project Zero blog. “Hoping to continue the stream of great bugs, we’ve decided to start our own contest.”
Successful submissions are eligible for one of three rewards: $200,000 for first place, $100,000 for second place, and at least $50,000 to any “additional winning entries.” Winners will be invited to write a short technical report on their exploit for publication on the Project Zero blog.
“This contest will be structured a bit differently than other contests,” Silvanovich said.
Instead of waiting to collect an entire bug chain, for example, participants are asked to report vulnerabilities in the Android issue tracker for submission at any time during the six-month challenge.
Any unused bugs will be considered for Android Security Rewards and other eligible programs at Google.
A year after expanding its bug bounty program to cover Android-powered gadgets, Google in June announced $550,000 in payouts.
That money was distributed among 82 security researchers for an average $2,200 per reward and $6,700 per individual.
Moving forward, Google said it will pay 33 percent more for “high-quality” vulnerability reports with proof of concept. “We’re hoping this contest will improve the public body of knowledge on these types of exploits,” Silvanovich said. “Also, we’re hoping to get dangerous bugs fixes to they don’t impact users.”